7 matches found
Sql injection
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in an editregistry action to index.php, 2 a vector involving the checkemail function, and other vectors...
CVE-2008-3768
The vulnerability is in Turnkey Web Tools SunShop Shopping Cart before 4.1.5, affecting the file component class.ajax.php . The CVE-2008-3768 entry describes multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Exploitation paths include (1) the id...
Sql injection
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 include/payment/payflowpro.php, 2 global.php, or 3 libsecure.php, different vectors than CVE-2007-2070...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php or 2 checkout.php...
CVE-2007-2070
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php or 2 checkout.php...
CVE-2005-4787
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to 1 index.php, 2 admin/index.php, and 3 admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the co...